A method of detecting an attempt of an intruder system (30) to participate in a virtual Layer-2 service in a packet switching network, characterized in that said method also comprises the steps of :
monitoring an operational status of an interface port (PI) of a provider edge router (PE 1) to which a customer edge router (CE 1) is communicatively coupled for providing the virtual Layer-2 service;
detecting a change has occurred in the operational status of said interface port (PI) of said provider edge router (PEI);
retrieving a current version of information related to said customer edge router (CE 1);
comparing the current version of the information to an initial version of the information;
interpreting a difference between the versions of information to indicate that an intruder system (30) has attempted to participate in the virtual Layer-2 service,
disabling the interface port (PI) upon making said interpretation, and wherein the information includes configuration data other than a MAC or IP address relating to the
customer edge router (CE 1) which is obtainable from the customer edge router (CE1) via a management entity (14).